[Samba] Windows clients connecting to Samba with OpenLDAP password backend

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon Nov 2 07:30:43 MST 2009

Are you using UFS or ZFS on the underlying file system? ZFS has a lot 
more granularity, which is both a blessing and a curse when it comes to 
ZFS / Windows ACL integration. Although why smbclient should be 
different either I don't know.

Are the initial ACL entries the same on a new file or directory when 
created with Windows vs smbclient?

Are you using winbind at all?    Is the server a PDC?  Are there 
multiple servers?

I ran into one issue with Samba member servers in a domain: if I 
looked at permissions via Windows it would show entries for 
"UNIX/somename" not "MYDOMAIN/somename". (This was when I was using 
LDAP for Unix accounts but not for the actual Samba passwords.)

On 11/02/09 08:38, Adam Tauno Williams wrote:
> On Mon, 2009-11-02 at 12:56 +0000, Jonathan Adams wrote:
>> I am having real troubles with one of our servers.
>> Background:
>> We have been using samba in our company for more than 11 years now, since
>> version 1.9.16 ...
>> We run Sun Solaris on our servers.
>> We used to run NIS+ as our password system, but due to its almost
>> impossibility to manage (basically only I knew how) we've moved to LDAP ...
>> We have now decided to centralize all our Samba passwords into the LDAP.
> Because LDAP is easier to manage! :)  I've been an OpenLDAP admin for 10
> + years... that really illustrates how horrible NIS was.
>> On the one machine configured to use LDAP for passwords we have a mysterious
>> problem. If we access the machine via a Windows computer (XP, Vista, etc) we
>> can create files and folders we can even rename and delete folders, but we
>> cannot rename or delete files.
> This sounds like a basic permissions problem.  If NSS is working, and
> you've authenticated, it pretty much has to be a permissions problem.
>> If we access the machine via a Solaris or Linux machine using smbclient we
>> can do everything.
> Maybe those are invoking "unix extensions".  I've got no clue how that
> specifically would affect permission handling.
>> I originally wondered if it was due to the Sun compiled Samba 3.0.35 server
>> that is installed, so I removed it and compiled in 3.4.2 with OpenLDAP
>> support, but it has exactly the same issues.
> Which even more strongly points to a permissions issue.
>> This problem does not occur on our other machines (that run ldap as their
>> naming service in all but samba) ...
> I'm not sure what this means.
>> I'm happy to show all relevant information and logs/debugs if
>> necessary
>> I have seen some people talk about this before on the internet, but there
>> doesn't appear to be any answer.
